Creating a VPN connection with a Namecheap.com hosted domain

Do you want to be able to connect into your home server from anywhere that you have an internet connection and from anyone’s PC?

You’ll need

  • admin rights on the PC so that you can create a VPN connection after you have everything setup.
  • a domain connected computer to create the dynamic updating
  • domain admin access to modify the user account used to make the final connection.
  • a dynamic dns record in the internet

Namecheap.com supports dynamic dns without the need to pay for anything but the namecheap domain.  And, all of their DNS packages support it.

 

These are the instructions to set up the dynamic dns record on the namecheap.com domain link

You’ll notice a link there for the NameCheap DNS Client, you can reach that download here.  Download that and install it on a domain joined computer in your home network. “Building a SharePoint 2016 Home Lab” explains how to build a domain, and how to create a SharePoint farm, but all you need is the domain.

To get the VPN going, you need a server that is a member of a domain and you need to do the following:

  • Add Remote Access Server Roles
  • Add DirectAccess and VPN (RAS) – even though you’re just setting up a VPN
  • Deploy both DirectAccess and VPN
  • Configure and Enable Routing and Remote Access
  • Select VPN and NAT
  • Use a custom configuration
  • Setup port forwarding for the vpn port 1723
  • Create a user account and give the user dial in permissions
  • Create a client VPN connection

This will work as long as you have properly setup the DNS record and installed the dynamic dns client app, here are some details behind each of these steps:

After you have followed the instructions on the namecheap site and created your dynamic dns record and pasted the password into the namecheap dns client on your server, after installing the small download, you can proceed.

The Dynamic dns record looks something like  this

Type                                   Host                                              Value                               TTL

A+ dynamic DNS                 NETBIOSNameOfYourServer         127.0.0.0                         Automatic

When you initially setup the dynamic DNS record, leave the value at 127.0.0.0 and then after you paste in the password that you get from inside your dashboard, based on these instructions then you are ready to proceed. The client program will update the namecheap dynamic dns record to your public Ip.  You can verify this by navigating to https://www.whatismyip.com/

This is a free method to keep your IP updated in DNS without having to pay for a static IP.  These are the instructions for getting the client on your server.

After you’ve got the DNS record automatically updating, proceed as follows:

Add Remote Access Server Roles

From the Server Manager Dashboard > Manage > Add Roles And Features > Add the Remote Access Server Role

Add DirectAccess and VPN (RAS)

Make sure to select Routing so that communication can happen once you’re connected to your home network

Deploy both DirectAccess and VPN

When prompted to install DirectAccess and VPN recommended option.  Note: none of this will work if the server is not a member of a domain

Configure and Enable Routing and Remote Access

From the start menu of the server start typing “Routing and Remote Access” then open the Routing and Remote Access console

At first RRAS is not configured, as shown below, it’s red.  Red is bad.  Green is good.

Click Action, Configure and Enable Routing and Remote Access

Select VPN and NAT

Use a Custom configuration

Start the service when prompted after choosing the custom configuration

Setup Port forwarding

Just login into your router and then go to the menu to setup the port forwarding. Once in the port forwarding menu, you’re going to need the IP of the server where you installed the dynamic dns client and you’re going to forward traffic on port 1723 for that IP.  There’s a lot of great videos out there on YouTube about this topic, but if you just want the instructions, this page has almost every make of router and the instructions.

Create a user with Dial-In permissions

At this point, if you right click on the server node in the Routing and Remote Access, you can see that it is configured, it’s green, and the configure option is grayed out.

For this step you need a user account in active directory.  Any old user account will work as this user just needs to have the Dial-In properties adjusted to Allow Access for the Network Access Permission.  Set that setting to ‘Allow Access’ and move onto the next step.

Create the VPN connection in the client

Go to control panel and search VPN.  Click Setup a Virtual Private Network (VPN) connection and enter in the name of the FQDN of your host.  For example, if your namecheap domain is named yourdomain.com then the value you enter here would be NetBIOSName.yourdomain.com (e.g. mdcapp12shr01.NameOfMyDomainOnNameCheap.com).  Do not use the IP address; since, if you have a home network your ISP will dynamically change your IP address from time to time and this will nullify, err jack up, your work.  It would work fine with a statically assigned IP to your home network, if you pay for one of those; but, if you’re like me, then you are like most people and, your IP address is dynamic.  You can name the vpn whatever you want.  Click Create

Now open a run bar and type ncpa.cpl to open the network connections on your computer and find your new VPN connection in a disconnected state.  Right click on it and click connect, this will open another window where you can click on the vpn connection and click connect.  Enter in the domain\username and password of the user you gave network access.

Boom!  You’re connected to your home network.  Now you can use mstsc.exe to connect to other servers in the home network.  For example, if you followed the instructions in “Building a SharePoint 2016 Home Lab” and have a domain controller, SQL server, and SharePoint server, as long as the domain controller and whichever server you setup the dynamic dns client are online, you can now connect to them.

When I set up my vpn, I configured the server that hosts my VM’s as the machine that is a member of the namecheap domain.  Hit me up on LinkedIN if you have any questions about any of this, or if you know me, give me a call, I’d be happy to assist you.  I also provide training in half hour chunks, the rate is $60 per 30 minute intervals.

Cheers!